check node_modules into git

[sjama]

Ghost is an application and not a module, so we should check node_modules into git.

When distributing modules its advantageous to get the end-user to install dependencies, however this approach is not recommended for applications.

1. its unreliable - if npm is down or slow this will lead to failed/slow Ghost installs.
2. its not safe - specifying exact version for dependencies in the package.json only works for top-level dependencies. Dependencies further down could be updated by npm, which can easily introduce bugs that only show up in production.

By checking the node_modules directory into git (not including dev dependencies) we avoid these problems.

Side-Effects

1. There will no need to run npm install.
2. Because Ghost uses SQLite which has a static platform dependent binary we have to gitignore node_modules/sqlite3/lib/binding .
3. Therefore we either get the user to run npm rebuild sqlite3 or trigger it automatically as part of Ghost's first run.

For more background on the subject of checking node_modules into git read this blog post from Mikeal Rogers author of request or watch Sane Dependency Management by Isaac Schlueter author of npm and maintainer of nodejs.

[halfdan]

Have a look at #1326

[ErisDS]

Ghost is intended to be both an application, and a module, oh and while we're here, a platform too ;)

npm-shrinkwrap takes away the second problem (the blog post you link to was written before npm-shrinkwrap was introduced). We will be bundling a shrinkwrap file with releases from now on (it should have been in 0.3.3 but got lost somehow).

I don't thing Ghost fits the model of things which should have the node_modules checked in. I think that was aimed at absolute end-user applications. More like something you might have built for a client than a big open source app come module come platform thing.